COOLJAPAN
← All posts
January 19, 2026 • 8 min read

AmateRS 0.1.0 Released — Compute on Encrypted Data, Never Reveal the Plaintext

AmateRS is a distributed database with Fully Homomorphic Encryption — run queries and computation directly on encrypted data without ever exposing plaintext to the server. Built in Pure Rust with LSM-tree storage, an FHE compute engine, Raft consensus, and gRPC.

release amaters fhe homomorphic-encryption database privacy rust distributed-systems

What if your database never had to see your data to work with it?

Today we released AmateRS 0.1.0 — a next-generation distributed database with Fully Homomorphic Encryption (FHE) that lets you compute on encrypted data without ever exposing plaintext to the server.

No C. No Fortran. No SEAL or OpenFHE bindings dragged in through a forest of -sys crates. No plaintext-requiring cloud database quietly assuming it gets to read everything you store. AmateRS is 100% Pure Rust by default. It uses oxicode for serialization instead of bincode, and the only bincode that appears anywhere is feature-gated behind the TFHE serialization path — off unless you ask for it. It compiles to a single static binary you can drop onto a server and run. The mythology behind the name fits the design: like Amaterasu hiding in the Heavenly Rock Cave (Iwato), your data stays sealed inside a cryptographic shell while the computational light still shines.

Why AmateRS 0.1.0 matters

Every cloud database today asks for the same thing: your plaintext. To filter, to index, to compute, the server has to decrypt. That single requirement is the root of the privacy-versus-utility trade-off — you either keep data useful (and trust the operator to read it) or keep it private (and give up computing on it). AmateRS exists to remove that trade-off. The server never holds your keys, never decrypts, and still does useful work.

This first release is early but solid. Here is what is already real in 0.1.0:

All of it sits on top of 600+ tests passing at a 100% pass rate. We are not publishing benchmark numbers yet — at 0.1.0 we would rather under-promise on performance and let the architecture speak.

Technical Deep Dive

AmateRS is organized into four components, each named after a piece of the Amaterasu myth and each mapping to one layer of the system.

Iwato (岩戸) — the Heavenly Rock Cave — Storage Engine. A from-scratch LSM-tree. Writes land in a skip-list memtable and the WAL, flush into SSTables guarded by bloom filters, and settle through multi-level leveled compaction running on background threads. WiscKey value separation keeps large values out of the LSM levels so compaction stays cheap, and an LRU block cache keeps hot blocks resident. Crash recovery replays the WAL.

Yata (八咫鏡) — the Eight-Span Mirror — Compute Engine. This is where computation in the dark happens. Built on TFHE-rs, Yata exposes a circuit builder over encrypted integer and boolean types, a predicate compiler that lowers an AQL filter into an FHE circuit, server-side (multi-tenant) key management, and circuit caching plus optimization so repeated work is not recompiled from zero. There is also runtime GPU detection for future acceleration.

Ukehi (宇気比) — the Sacred Pledge — Consensus. A Raft implementation in its first phase: leader election with randomized election timeouts, log replication, node discovery and membership, and a network abstraction layer. This is the foundation the distributed story is built on.

Musubi (結び) — the Knot — Network Layer. gRPC over HTTP/2 via tonic 0.14, TLS and mutual TLS through rustls and webpki, connection pooling with retry and backoff, graceful shutdown, liveness/readiness health checks, and a Prometheus metrics endpoint.

Getting Started

Add the facade crate to a project, or build the server and CLI straight from the repository.

# As a library dependency
cargo add amaters

# Or build from source
git clone https://github.com/cool-japan/amaters
cd amaters
cargo build --release

# Start the server
cargo run --bin amaters-server -- start --data-dir ./data

# Use the CLI (flat commands)
cargo run --bin amaters-cli -- set my_key "encrypted_data"
cargo run --bin amaters-cli -- get my_key

# Filter query syntax
cargo run --bin amaters-cli -- query "collection('users').filter(age > 18)"

From Rust, connect with the SDK and read and write keys:

use amaters_sdk_rust::AmateRSClient;

#[tokio::main]
async fn main() -> anyhow::Result<()> {
    let client = AmateRSClient::connect("http://localhost:7878").await?;

    client.set("my_key", "encrypted_data").await?;
    let value = client.get("my_key").await?;
    println!("{value:?}");

    Ok(())
}

What’s inside

Grouped by component, here is what 0.1.0 actually ships:

Known issue at 0.1.0 — honest disclosure. Client-side FHE filtering is not yet wired into the wire protocol. The encrypted predicate is compiled and computed, but it is not carried in the protobuf message, so filter queries currently return all rows rather than the filtered set. The plumbing for genuine end-to-end encrypted filtering exists; connecting it through the protocol is next on the list. We would rather ship 0.1.0 with this stated plainly than pretend the loop is closed.

Tips

This is the foundation

AmateRS is the confidential-computing layer of the COOLJAPAN ecosystem. Its most direct tie is a real dependency: serialization runs through oxicode, our Pure Rust replacement for bincode, so AmateRS inherits the same no--sys, no-C posture as the rest of the stack. It sits alongside siblings like OxiARC, OxiBLAS, SciRS2, and Legalis-RS — all Pure Rust, all sovereign by default. For a 0.1.0 that is as much of the ecosystem story as we want to tell; the point of this release is the database itself, not the company it keeps.

Repository: https://github.com/cool-japan/amaters

Star the repo if a database that never sees your plaintext is the kind of thing you have been waiting for — and tell us what you build on it.

Pure Rust confidential computing is here — fast, safe, and sovereign.

KitaSan at COOLJAPAN OÜ January 19, 2026

↑ Back to all posts